install
[!NOTE|label:references:]
# macOS or Linux 64
$ curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
# with binary
$ VERSION=$(curl --silent 'https://api.github.com/repos/fossas/fossa-cli/releases/latest' | jq -r .tag_name | sed -nE 's/[^0-9\.]*([0-9\.]+)$/\1/p')
$ FILENAME="fossa_${VERSION}_linux_$(uname -m).zip"
$ curl -fsSL -O "https://github.com/fossas/fossa-cli/releases/download/v${VERSION}/${FILENAME}"
$ sudo unzip -o "${FILENAME}" -d /usr/local/bin
apply CLI token
- go to User Settings -> Integrations -> API -> Add New Token
export new token
$ echo "export FOSSA_API_KEY='a******************************f'" >> ~/.bashrc $ source ~/.bashrcor using variable in command
$ fossa analyze --fossa-api-key a******************************f
CLI
[!NOTE|label:references:]
scan source code
[!NOTE|label:references:]
$ cd /path/to/your/source/code
$ fossa analyze
# with json output
$ fossa analyze --json
# or archive contents
$ fossa analyze --unpack-archives
with snippet scan
[!NOTE|label:references:]
$ fossa analyze --snippet-scan
scan binary
binary is built in Linux with ldd support
$ cd /path/to/binary
$ fossa analyze --detect-dynamic
vendored/archived binary
$ fossa analyze --detect-vendored
report
[!NOTE|label:references:]
requires a
Full AccessAPI token
# to generate cyclonedx report
$ fossa report attribution --format cyclonedx-json